[Serusers] Ser stop responding requests when scanned with SiVuS

Hoa Thai Duy hoathai at vngt.vn
Mon Oct 24 11:09:19 CEST 2005 

Dear Greger

 

Processes

 

root at test01 root]# ps -ax

  PID TTY      STAT   TIME COMMAND

    1 ?        S      2:45 init

    2 ?        SW     0:00 [migration/0]

    3 ?        SW     0:00 [migration/1]

    4 ?        SW     0:00 [keventd]

    5 ?        SWN    0:00 [ksoftirqd_CPU0]

    6 ?        SWN    0:00 [ksoftirqd_CPU1]

   11 ?        SW     0:00 [bdflush]

    7 ?        SW     2:33 [kswapd]

    8 ?        SW     0:04 [kscand/DMA]

    9 ?        SW    23:56 [kscand/Normal]

   10 ?        SW     0:05 [kscand/HighMem]

   12 ?        SW     0:39 [kupdated]

   13 ?        SW     0:00 [mdrecoveryd]

   21 ?        SW     7:13 [kjournald]

  618 ?        SW     0:00 [kjournald]

  869 ?        S      1:10 syslogd -m 0

  873 ?        S      0:00 klogd -x

  883 ?        S      1:34 /usr/sbin/sshd

 1032 ?        SW     3:21 [vmmemctl]

 1096 ?        S     81:30 /usr/sbin/vmware-guestd --background /var/run/vmware-guestd.pid

 1106 ?        S      0:00 login -- root     

 1108 tty2     S      0:00 /sbin/mingetty tty2

 1109 tty3     S      0:00 /sbin/mingetty tty3

 1110 tty4     S      0:00 /sbin/mingetty tty4

 1113 tty5     S      0:00 /sbin/mingetty tty5

 1114 tty6     S      0:00 /sbin/mingetty tty6

 1197 tty1     S      0:00 -bash

 1574 ?        S      5:33 svscan /etc/service

 2248 ?        S      0:00 /bin/sh /command/svscanboot

 2250 ?        S      5:40 svscan /etc/service

 2251 ?        S      0:00 readproctitle service errors: ...........................................................................

 8290 ?        S    152:15 python2.3 ./proxydispatcher.py --log=/usr/local/mediaproxy/log_dispatcher

 9912 ?        S      0:00 /bin/sh ./bin/mysqld_safe --user=mysql

 9936 ?        S      0:03 [mysqld]

 9937 ?        S      3:05 [mysqld]

 9938 ?        S      0:00 [mysqld]

 9939 ?        S      0:00 [mysqld]

 9940 ?        S      0:00 [mysqld]

 9941 ?        S      0:00 [mysqld]

 9942 ?        S      9:40 [mysqld]

 9943 ?        S     14:47 [mysqld]

 9944 ?        S      0:00 [mysqld]

 9945 ?        S      0:00 [mysqld]

17660 ?        S      0:00 in.tftpd -l -s /root/tftpboot/

20616 ?        S     21:31 /usr/bin/perl /usr/bin/radiusd radiusd -dictionary dictionary -config_file /usr/local/etc/raddb/radius.cf

23564 ?        S      0:00 /usr/lib/rpm/rpmq -q --all

20136 ?        S      0:04 /usr/sbin/sshd

20138 pts/2    S      0:00 -bash

20182 pts/0    S      0:00 -bash

20235 pts/2    S      0:01 ./openser -f /home/config-file/ser.cfg start

20236 pts/2    S      0:00 ./openser -f /home/config-file/ser.cfg start

20237 pts/2    S      0:00 ./openser -f /home/config-file/ser.cfg start

20238 ?        S      0:00 [mysqld]

20528 pts/0    R      0:00 ps -ax

 

This is top show right after it stop responding to clients

 

15:30:47  up 23 days, 23:23,  3 users,  load average: 0.28, 0.10, 0.03

54 processes: 53 sleeping, 1 running, 0 zombie, 0 stopped

CPU0 states:   0.5% user   2.0% system    0.0% nice   0.0% iowait  96.4% idle

CPU1 states:   0.1% user   0.3% system    0.0% nice   0.0% iowait  99.1% idle

Mem:   513204k av,  473224k used,   39980k free,       0k shrd,   45344k buff

                    220468k actv,    1512k in_d,    9504k in_c

Swap: 1044216k av,       0k used, 1044216k free                  334832k cached

 

  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND

 8290 root      21   0  5084 5084  2552 S     0.7  0.9 152:12   1 python2.3

20219 root      15   0  1132 1132   856 R     0.5  0.2   0:04   0 top

  883 root      15   0  1500 1500  1256 S     0.3  0.2   1:38   0 sshd

20235 root      15   0  4832 4832  4064 S     0.3  0.9   0:01   0 openser

 1096 root      17   0  6472 6472   472 S     0.1  1.2  81:28   1 vmware-guestd

    1 root      15   0   472  472   420 S     0.0  0.0   2:44   1 init

    2 root      RT   0     0    0     0 SW    0.0  0.0   0:00   0 migration/0

    3 root      RT   0     0    0     0 SW    0.0  0.0   0:00   1 migration/1

    4 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 keventd

    5 root      34  19     0    0     0 SWN   0.0  0.0   0:00   0 ksoftirqd_CPU0

    6 root      34  19     0    0     0 SWN   0.0  0.0   0:00   1 ksoftirqd_CPU1

   11 root      25   0     0    0     0 SW    0.0  0.0   0:00   0 bdflush

    7 root      15   0     0    0     0 SW    0.0  0.0   2:33   0 kswapd

 

 

The SER log is at  <http://s13.yousendit.com/d.aspx?id=2E1VPTKYK3EL9353MJ1NB73LJ0> http://s13.yousendit.com/d.aspx?id=2E1VPTKYK3EL9353MJ1NB73LJ0

 

Brgds

 

Hoa

 

 

  _____  

From: Greger V. Teigre [mailto:greger at teigre.com] 
Sent: Monday, October 24, 2005 12:23 PM
To: Hoa Thai Duy; serusers at lists.iptel.org
Subject: Re: [Serusers] Ser stop responding requests when scanned with SiVuS

 

Hoa,

That server is not responding right now. But it would be helpful if you could provide any log messages from ser and more info on processes running, what top shows etc.

g-) 

----- Original Message ----- 

From: Hoa Thai Duy <mailto:hoathai at vngt.vn>  

To: serusers at lists.iptel.org 

Sent: Monday, October 24, 2005 05:30 AM

Subject: [Serusers] Ser stop responding requests when scanned with SiVuS

 

Hi all

 

Yesterday, I downloaded and scanned  my stable SER system (production), and it stoped responding to Subscriber requests.

The Tool is at http://vopsecurity.org/sivus-1.09.exe, remember to have JRE installed on Windows.

 

I deployed the configuration guideline at onsip, OpenSER 0.9.5

Anyone have tested the Security Scanner, pls. help

 

Brgds

 

Hoa

 

 


  _____  


_______________________________________________
Serusers mailing list
serusers at lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20051024/97a32cfd/attachment.htm>

More information about the sr-users mailing list